server config UPDATE remove ssh auth attempts
These attempts were redundant, since there is only one try for each auth
method.
diff --git a/modules/libnetconf2-netconf-server@2024-01-15.yang b/modules/libnetconf2-netconf-server@2024-01-15.yang
index 5428820..1c01e77 100644
--- a/modules/libnetconf2-netconf-server@2024-01-15.yang
+++ b/modules/libnetconf2-netconf-server@2024-01-15.yang
@@ -244,13 +244,6 @@
description
"Grouping for SSH authentication parameters.";
- leaf auth-attempts {
- type uint16;
- default 3;
- description
- "Represents the number of failed attempts before an authentication is deemed unsuccessful.";
- }
-
leaf auth-timeout {
type uint16;
default 30;
diff --git a/src/server_config.c b/src/server_config.c
index 22e8d81..c66360f 100644
--- a/src/server_config.c
+++ b/src/server_config.c
@@ -2109,38 +2109,6 @@
}
static int
-nc_server_config_auth_attempts(const struct lyd_node *node, NC_OPERATION op)
-{
- int ret = 0;
- struct nc_server_ssh_opts *opts;
- struct nc_ch_client *ch_client = NULL;
-
- assert(!strcmp(LYD_NAME(node), "auth-attempts"));
-
- /* LOCK */
- if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
- /* to avoid unlock on fail */
- return 1;
- }
-
- if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
- ret = 1;
- goto cleanup;
- }
-
- if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
- opts->auth_attempts = ((struct lyd_node_term *)node)->value.uint16;
- }
-
-cleanup:
- if (is_ch(node)) {
- /* UNLOCK */
- nc_ch_client_unlock(ch_client);
- }
- return ret;
-}
-
-static int
nc_server_config_auth_timeout(const struct lyd_node *node, NC_OPERATION op)
{
int ret = 0;
@@ -3706,8 +3674,6 @@
ret = nc_server_config_keystore_reference(node, op);
} else if (!strcmp(name, "user")) {
ret = nc_server_config_user(node, op);
- } else if (!strcmp(name, "auth-attempts")) {
- ret = nc_server_config_auth_attempts(node, op);
} else if (!strcmp(name, "auth-timeout")) {
ret = nc_server_config_auth_timeout(node, op);
} else if (!strcmp(name, "central-truststore-reference")) {
diff --git a/src/session_p.h b/src/session_p.h
index b49655e..32f6ea5 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -211,7 +211,6 @@
char *kex_algs; /**< Key exchange algorithms supported by the server. */
char *mac_algs; /**< MAC algorithms supported by the server. */
- uint16_t auth_attempts; /**< Number of allowed authentication attempts. */
uint16_t auth_timeout; /**< Authentication timeout. */
};
@@ -1027,8 +1026,6 @@
*/
int nc_session_ssh_msg(struct nc_session *session, struct nc_server_ssh_opts *opts, ssh_message msg, struct nc_auth_state *state);
-void nc_server_ssh_clear_opts(struct nc_server_ssh_opts *opts);
-
void nc_client_ssh_destroy_opts(void);
void _nc_client_ssh_destroy_opts(struct nc_client_ssh_opts *opts);
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index 82e5397..e244c3b 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -1886,11 +1886,6 @@
break;
}
- if (session->opts.server.ssh_auth_attempts >= opts->auth_attempts) {
- ERR(session, "Too many failed authentication attempts of user \"%s\".", session->username);
- return -1;
- }
-
usleep(NC_TIMEOUT_STEP);
if (opts->auth_timeout && (nc_timeouttime_cur_diff(&ts_timeout) < 1)) {
/* timeout */
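Review bot: With the attempt-counter check removed, the only bound left on this wait loop is the timeout test just below, and `opts->auth_timeout &&` skips that test when the timeout is configured as 0. The commit message says each auth method gets a single try, but that enforcement is not visible in this hunk (the enclosing function starts and ends outside it), so a reader cannot tell what stops repeated failures. I would add a comment above `usleep(NC_TIMEOUT_STEP);` such as `/* no attempt counter here: each auth method is tried once (enforced in <handler name>); only auth_timeout bounds this loop, and 0 disables it */`. The removed check also read `session->opts.server.ssh_auth_attempts`; if nothing else reads that field, it is now dead state and could go in the same change.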